Sergei Golubchik

5 exploits Active since Dec 2016
CVE-2016-6663 WRITEUP HIGH WRITEUP
Oracle MySQL <5.5.52, 5.6.x <5.6.33, 5.7.x <5.7.15, and 8.x <8.0.1 - Privilege Escalation
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVSS 7.0
CVE-2026-3494 WRITEUP MEDIUM WRITEUP
MariaDB <=11.8.5 - Audit Log Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
CVSS 4.3
CVE-2026-3494 WRITEUP MEDIUM WRITEUP
MariaDB <=11.8.5 - Audit Log Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
CVSS 4.3
CVE-2020-13249 WRITEUP HIGH WRITEUP
MariaDB Connector/C <3.1.8 - Info Disclosure
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVSS 8.8
CVE-2020-7221 WRITEUP HIGH WRITEUP
MariaDB 10.4.7-10.4.11 - Privilege Escalation via Symlink Attack in mysql_install_db
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
CVSS 7.8